pcap-log config: sguil-base-dir -> dir and update comment

The code already looks for "dir" first instead of "squil-base-dir", and already respects this configuration parameter in other modes than the "sguil" mode. Coda will still access "sguil-base-dir".
8 years ago · a6854147be
parent 214e97814c
commit a6854147be
1 changed files with 5 additions and 1 deletions
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@ -341,7 +341,11 @@ outputs:
      max-files: 2000

      mode: normal # normal, multi or sguil.
-      #sguil-base-dir: /nsm_data/
+
+      # Directory to place pcap files. If not provided the default log
+      # directory will be used. Required for "sguil" mode.
+      #dir: /nsm_data/
+
      #ts-format: usec # sec or usec second format (default) is filename.sec usec is filename.sec.usec
      use-stream-depth: no #If set to "yes" packets seen after reaching stream inspection depth are ignored. "no" logs all packets
      honor-pass-rules: no # If set to "yes", flows in which a pass rule matched will stopped being logged.